Bobcares

Apache mod_userdir Tweak

by | Mar 20, 2022

Wondering how to use Apache mod_userdir Tweak? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team assist with this query.

How to use Apache mod_userdir Tweak?

This interface allows you to disable the Apache

mod_userdirCopy Code
module’s functionality for your users.

Warning:
  • We strongly recommend that you disable this access for most of your users.
  • Before you use this interface, make certain that you read the Security Implications and Warnings sections below.
  • If you enable Apache’s
    ruby24-mod_passengerCopy Code
    or
    ruby27-mod_passengerCopy Code
    module in WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4), the system disables the Apache
    mod_userdirCopy Code
    module by default.
  • You must enable this feature to allow accounts to use shared SSL certificates.

 

Enable access

Today, let us see the steps followed by our Support Techs to enable

mod_userdirCopy Code
access:

  1. Firstly, select the Enable
    mod_userdirCopy Code
    Protection
    checkbox.
  2. Then, to enable
    mod_userdirCopy Code
    functionality for specific hosts, select the appropriate Exclude Protection checkboxes.
  3. To only allow
    mod_userdirCopy Code
    functionality for specific additional users to access these hosts, enter their usernames in the Additional Users text box.
    • Resellers can use this feature to allow their customers to access their own websites before DNS information propagates.
    • To enter multiple users, separate each account name with a space.
  4. Finally, click Save.
Please note to allow your users to access their own accounts through this module, but not circumvent bandwidth limits, select the Exclude Protection checkbox for the DefaultHost (nobody) host.
 

Security Implications

We strongly recommend that you restrict

mod_userdirCopy Code
functionality for most of your users.
mod_userdirCopy Code
can expose potential security issues.

  • The system accounts for bandwidth per-host rather than per-user. If a user access another user’s content via
    mod_userdir.Copy Code
  • Then the server will not record their bandwidth usage correctly. This can also potentially allow for one user to use the bandwidth of another.

When you disable

mod_userdirCopy Code
protection for a host, do not exclude the entire host, but rather exclude only specific users via the Additional Users text box.

 

Enable protection

Before you enable the Apache

mod_userdirCopy Code
module, make certain that you understand the following information:

  • Java servlets do not work with
    mod_userdirCopy Code
    -based URLs because Tomcat requires you to add additional directives to the virtual host.
    Important:
    EasyApache 3 does not support new installations of Tomcat. As of cPanel & WHM version 76, EasyApache 4 now supports Tomcat 8.5.
  • The following PHP handlers do not allow you to use the Apache
    mod_userdirCopy Code
    module.
    • PHP via CGI.
    • FastCGI.
    • PHP-FPM.
  • open_basedirCopy Code
    protection restricts PHP’s access to the home directory of the user who owns the base domain, not the home directory of the user account that a visitor accesses.
  • If you enable
    open_basedirCopy Code
    protection in WHM’s MultiPHP INI Editor interface, visitors cannot access some sites via the
    mod_userdirCopy Code
    module.
  • Websites that use
    the mod_rewriteCopy Code
    or other directives in their
    .htaccessCopy Code
    files will not function correctly when visitors view them through
    mod_userdirCopy Code
    URLs.
  • If you enable Apache’s
    mod_ruid2Copy Code
    module, then the
    mod_userdirCopy Code
    module will not function correctly.

To use Apache’s

mod_userdirCopy Code
module, perform the following actions:

  • Make certain that the
    mod_suphp moduleCopy Code
    is installed in the Apache Modules section of WHM’s EasyApache 4 interface.
  • Select suphp for each version of PHP installed on your system in the PHP Handlers section of WHM’s MultiPHP Manager interface.

Disabled protection

Before you disable

mod_userdirCopy Code
protection, make certain that you understand the following information:

  • While this WHM feature allows you to restrict
    mod_userdirCopy Code
    functionality, it does not remove the module itself.
  • This feature does not list IP addresses because the
    mod_userdirCopy Code
    module uses virtual hosts.
    • You cannot use IP addresses to configure this feature.
    • If you do not protect the default host, you can access the server’s main IP address through the
      mod_userdirCopy Code
      module in most cases.
    • If you attempt to provide protection on a dedicated IP address, the site’s contents will still display when protection is enabled.
    • To disable this behavior, open the
      /etc/apache2/conf.d/includes/post_virtualhost_global.confCopy Code
      file with a text editor and add the following line:
      UserDir disabledCopy Code

[Looking for a solution to another query? We are just a click away.]

 

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrate Apache mod_userdir Tweak.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Speed issues driving customers away?
We’ve got your back!